Merge pull request #20 from datopian/feature/usr_create_restr_org_admin

[org_admin][s]: restricted org admins to create new user
datopian · Feb 7, 2023 · c194ce0 · c194ce0
2 parents 357b96a + c9a191d
commit c194ce0
Show file tree

Hide file tree

Showing 3 changed files with 93 additions and 1 deletion.
diff --git a/ckanext/portalopendatadk/controller.py b/ckanext/portalopendatadk/controller.py
@@ -35,6 +35,8 @@ def __before__(self, action, **env):
         # else redirect to the home page
         if not user_has_admin_access(False) and action != 'request_reset':
             h.redirect_to(controller='home', action='index')
+        if not authz.is_sysadmin(c.user) and action == 'register':
+            h.redirect_to(controller='home', action='index')
 
     def new(self, data=None, errors=None, error_summary=None):
         '''GET to display a form for registering a new user.

diff --git a/ckanext/portalopendatadk/templates/organization/member_new.html b/ckanext/portalopendatadk/templates/organization/member_new.html
@@ -0,0 +1,90 @@
+{% extends "organization/edit_base.html" %}
+
+{% import 'macros/form.html' as form %}
+
+{% set user = c.user_dict %}
+
+{% block subtitle %}{{ _('Edit Member') if user else _('Add Member') }} - {{ super() }}{% endblock %}
+
+{% block primary_content_inner %}
+  {% link_for _('Back to all members'), controller='organization', action='members', id=organization.name, class_='btn pull-right', icon='arrow-left' %}
+  <h1 class="page-heading">
+    {% block page_heading %}{{ _('Edit Member') if user else _('Add Member') }}{% endblock %}
+  </h1>
+  {% block form %}
+  <form class="dataset-form form-horizontal add-member-form" method='post'>
+    <div class="row-fluid">
+      <div class="control-group control-medium">
+        {% if not user %}
+          <label class="control-label" for="username">
+            {{ _('Existing User') }}
+          </label>
+          <span>
+            {{ _('If you wish to add an existing user, search for their username below.') }}
+          </span>
+        {% endif %}
+        <div class="controls">
+          {% if user %}
+            <input type="hidden" name="username" value="{{ user.name }}" />
+            <input id="username" name="username" type="text" value="{{ user.name }}"
+            disabled="True" class="control-medium">
+          {% else %}
+             <input id="username" type="text" name="username" placeholder="{{ _('Username') }}"
+            value="" class="control-medium" data-module="autocomplete"
+            data-module-source="/api/2/util/user/autocomplete?q=?">
+          {% endif %}
+        </div>
+      </div>
+      {% if c.userobj.sysadmin %}
+        <div class="add-member-or">
+          {{ _('or') }}
+        </div>
+        <div class="control-group control-medium">
+          <label class="control-label" for="email">
+            {{ _('New User') }}
+          </label>
+          <span>
+            {{ _('If you wish to invite a new user, enter their email address.') }}
+          </span>
+          <div class="controls">
+            <input id="email" type="email" name="email" placeholder="{{ _('Email address') }}" >
+          </div>
+        </div>
+      {% endif %}
+    </div>
+    {% set format_attrs = {'data-module': 'autocomplete'} %}
+    {{ form.select('role', label=_('Role'), options=c.roles, selected=c.user_role, error='', attrs=format_attrs) }}
+    <div class="form-actions">
+      {% if user %}
+        <a href="{% url_for controller='organization', action='member_delete', id=c.group_dict.id, user=user.id %}" class="btn btn-danger pull-left" data-module="confirm-action" data-module-content="{{ _('Are you sure you want to delete this member?') }}">{{ _('Delete') }}</a>
+        <button class="btn btn-primary" type="submit" name="submit" >
+          {{ _('Update Member') }}
+        </button>
+      {% else %}
+        <button class="btn btn-primary" type="submit" name="submit" >
+          {{ _('Add Member') }}
+        </button>
+      {% endif %}
+    </div>
+  </form>
+  {% endblock %}
+{% endblock %}
+
+{% block secondary_content %}
+{{ super() }}
+<div class="module module-narrow module-shallow">
+  <h2 class="module-heading">
+    <i class="fa fa-lg fa-info-circle"></i>
+    {{ _('What are roles?') }}
+  </h2>
+  <div class="module-content">
+    {% trans %}
+      <p><strong>Admin:</strong> Can add/edit and delete datasets, as well as
+        manage organization members.</p>
+      <p><strong>Editor:</strong> Can add and edit datasets, but not manage
+        organization members.</p>
+      <p><strong>Member:</strong> Can view the organization's private
+        datasets, but not add new datasets.</p>
+    {% endtrans %}
+  </div>
+{% endblock %}
diff --git a/ckanext/portalopendatadk/templates/user/dashboard.html b/ckanext/portalopendatadk/templates/user/dashboard.html
@@ -13,7 +13,7 @@
     {% block page_header %}
       <header class="module-content page-header hug">
         <div class="content_action">
-          {% if h.user_has_admin_access(False) %}
+          {% if c.userobj.sysadmin %}
             {% link_for _('Create an Account'), controller='user', action='register', class_='btn', icon='plus' %}
           {% endif %}
           {% link_for _('Edit settings'), controller='user', action='edit', id=user.name, class_='btn', icon='cog' %}